CVE-2023-6114

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory (or the backups-dup-pro/tmp directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

Ссылки

https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1
Exploit
Third Party Advisory
https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing
Exploit
https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:-:wordpress:*:*

Версия до 1.5.7.1 (исключая)

cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:pro:wordpress:*:*

Версия до 4.5.14.2 (исключая)

EPSS

Процентиль: 98%

0.61257

Средний

7.5 High

CVSS3

Дефекты

CWE-552

Связанные уязвимости

GHSA-769q-5ww3-v8ww

CVSS3: 7.5

github

около 2 лет назад

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.

EPSS

Процентиль: 98%

0.61257

Средний

7.5 High

CVSS3

Дефекты

CWE-552